07 Jan 2009
More details are emerging about the man behind the recent celebrity Twitter attack everyone seems to be talking about. In case you missed it, a hacker managed to post fake messages to various celebrity Twitter feeds, including those of CNN anchorman Rick Sanchez, Barack Obama and Britney Spears.
As Mikko Hyppönen of content security vendor F-Secure explained, it was first thought the hacker in question - a teenager known as GMZ - had directly attacked high-profile accounts, but this was not actually the case.
GMZ actually used a combination of cunning, luck and technology to do his dirty work. He first targeted the account of a random, popular Twitter user, using an automated password guessing tool to get her password. Once in, he found she was actually a Twitter staffer who had access to the Twitter admin control panel - from then on it was easy to access any account he wished by resetting the passwords.
Some have cautioned that the Twitter staffer who was hacked should have used a password more difficult to crack than 'happiness', but the real fault surely lies with Twitter administrators, for letting the system allow an unlimited number of quick-fire log-in attempts.
"I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," GMZ wrote in an IM interview with the Threat Level blog. "I'm sure they find it difficult to admit it."
In the end, Twitter is pretty lucky this time that it was only embarrassed by a script kiddie. Next time, the hackers may be motivated by more malicious intent.
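The missing control named above, a cap on quick-fire log-in attempts, can be sketched as a per-account throttle. This is an added example, not Twitter's code: the `LoginThrottle` class, its thresholds and the doubling lockout are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account cap on failed log-ins inside a sliding time window."""

    def __init__(self, max_failures=5, window=300.0, base_lockout=60.0,
                 clock=time.monotonic):
        self.max_failures = max_failures      # illustrative threshold
        self.window = window                  # seconds over which failures count
        self.base_lockout = base_lockout      # first lockout; doubles on repeats
        self.clock = clock                    # injectable so tests control time
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time
        self._lockouts = defaultdict(int)     # account -> lockouts so far

    def retry_after(self, account):
        """Seconds until the account may try again; 0.0 if allowed now."""
        return max(0.0, self._locked_until.get(account, 0.0) - self.clock())

    def attempt(self, account, password_ok):
        """Record one log-in attempt; return 'ok', 'denied' or 'locked'."""
        if self.retry_after(account) > 0:
            # Refused even if the password is right, so attempts made
            # during a lockout reveal nothing about the password.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)
            self._lockouts.pop(account, None)
            return "ok"
        now = self.clock()
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            delay = self.base_lockout * 2 ** self._lockouts[account]
            self._lockouts[account] += 1
            self._locked_until[account] = now + delay
            recent.clear()
            return "locked"
        return "denied"
```

The throttle is keyed on the account rather than the source address, so the cap holds wherever the attempts come from. In a real deployment the counters would live in a store shared by all log-in servers.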